www.technocorp.co.

in

Configuring and Troubleshooting Network File and Print Services

Module Overview
www.technocorp.co.in

Configuring and Troubleshooting File Shares Encrypting Network Files with EFS Encrypting Partitions with BitLocker Configuring and Troubleshooting Network Printing

Configuring and Troubleshooting File Shares

What Is a File Share? Demonstration: How to Create a File Share What Are NTFS Permissions? Demonstration: How to Configure NTFS Permissions Troubleshooting Network File Access Permissions What Is Access-Based Enumeration? File Access Enhancements in Windows Server 2008
www.technocorp.co.in

What Is a File Share?

A file share is a folder on a server that has been configured for access over the network

www.technocorp.co.in

File share permissions are: Full Control

Change
Read Access file shares by using: A UNC path Mapped drive letter

Demonstration: How to Create a File Share

www.technocorp.co.in

In the demonstration, you will see how to: Create a file share by using simplified interface Create a file share by using advanced sharing Configure advanced sharing for a file share

What Are NTFS Permissions?

www.technocorp.co.in
NTFS permissions control which users or groups can access or modify files and folders on NTFS formatted partitions The basic NTFS permissions are: Full Control Modify Read & Execute List folder contents Read Write

Demonstration: How to Configure NTFS Permissions

www.technocorp.co.in

In this demonstration, you will see how to: Configure NTFS permissions View advanced NTFS permissions View inherited permissions

Troubleshooting Network File Access Permissions

www.technocorp.co.in
The troubleshooting steps are: Check effective NTFS permissions Deny permission overrides allow permission Verify share permissions Assigning Full Control to the Everyone group simplifies permission assignment

What Is Access-Based Enumeration?

Access-based enumeration:

www.technocorp.co.in

Hides files and folder that you do not have read access to

Simplifies file browsing for users

Is enabled automatically when sharing is enabled using the simplified sharing interface

Can be enabled and disabled in Share and Storage Management

File Access Enhancements in Windows Server 2008

Windows Server 2008 includes SMB 2.0:

www.technocorp.co.in

Enhances performance over slow networks

Combines multiple commands into a single request

Combines multiple commands into a single request Windows Server 2008 R2 includes SMB 2.1: Client oplock leasing
Large MTU support Better support for sleep modes

Encrypting Network Files with EFS

www.technocorp.co.in

What Is EFS? How EFS works Recovering EFS Encrypted Files Demonstration: How to Encrypt a File by Using EFS

What Is EFS?
www.technocorp.co.in
EFS is a feature that can encrypt files stored on an

NTFS formatted partition

EFS Encryption acts as an additional layer of security

EFS can be used with no configuration

How EFS works

Symmetric encryption is used to protect the file data File Encryption Key (FEK)

www.technocorp.co.in

Public key encryption is used to protect the symmetric key User certificate with public key and private key Also certificate of recovery agent

EFS

Recovering EFS Encrypted Files

www.technocorp.co.in
To ensure you can recover EFS encrypted files: Back up user certificates

Configure a recovery agent

Demonstration: How to Encrypt a File by Using EFS

www.technocorp.co.in

In this demonstration, you will see how to: Verify that a computer account supports EFS on a network share Use EFS to encrypt a file on a network share View the certificate used for encryption Test access to an encrypted file

Encrypting Partitions with BitLocker

www.technocorp.co.in

What Is BitLocker? How BitLocker Works Recovering BitLocker Encrypted Drives Demonstration: How to Encrypt a Partition by Using BitLocker

What Is BitLocker?
A feature in Windows Server 2008 that allows you to encrypt entire partitions Benefits for BitLocker are: Data protection for stolen drives Safe shipping of preconfigured servers Easier decommissioning of drives Maintaining system integrity

www.technocorp.co.in

How BitLocker Works

To use BitLocker there must be two partitions:

System with boot files

www.technocorp.co.in

Boot with operating system files (C:)

A Volume Master Key encrypts each partition

A Full Volume Encryption Key encrypts the Volume Master Keys

The Full Volume Encryption Key is stored in a TPM

Recovering BitLocker Encrypted Drives

BitLocker encrypted drives can be recovered by using: A recovery password

www.technocorp.co.in

In Active Directory

Saved or printed immediately after encryption

A recovery key from USB flash drive Saved immediately after encryption

A data recovery agent Configured by using Group Policy

Demonstration: How to Encrypt a Partition by Using BitLocker

www.technocorp.co.in

In this demonstration, you will see how to: Install the BitLocker feature Configure Bitlocker to not require a TPM Enable BitLocker when a TPM is unavailable Access the recovery password

Configuring and Troubleshooting Network Printing

Benefits of Network Printing Security Options for Network Printing Demonstration: How to Create Multiple Configurations for a Print Device What Is Printer Pooling? Deploying Printers to Clients Discussion: Troubleshooting Network Printing
www.technocorp.co.in

Benefits of Network Printing

Centralized management Simplified troubleshooting

www.technocorp.co.in

Lower total cost of ownership Listing in Active Directory

Security Options for Network Printing The default security allows:

Everyone to print

www.technocorp.co.in

Everyone to manage their own The available permissions are: Print

Manage this printer

Manage documents

Demonstration: How to Create Multiple Configurations for a Print Device

www.technocorp.co.in

In this demonstration, you will see how to: Create a shared printer Create a second printer using the same port Increase the priority of the second printer

What Is Printer Pooling?

Printer pooling is a way to combine multiple physical printers into a single logical unit

www.technocorp.co.in

A printer pool: Increases availability and scalability Requires all printers be the same model Requires all printers in the same location

Deploying Printers to Clients

You can deploy printers to clients by using: Group Policy preferences

www.technocorp.co.in

Group Policy objects created by Print Management Manual installation

Discussion: Troubleshooting Network Printing

What are some common network printing problems and their resolution?

www.technocorp.co.in

5 min

Lab: Configuring and Troubleshooting Network File and Print Services

www.technocorp.co.in

Exercise 1: Creating and Configuring a File Share Exercise 2: Encrypting and Recovering Files Exercise 3: Creating and Configuring a Printer Pool
Logon information

Virtual machine User name Password

Estimated time: 75 minutes

6421B-NYC-DC1 6421B-NYC-CL1 Contoso\Administrator Pa$$w0rd

Lab Scenario
You are configuring a new file server that will hold files shared by multiple departments. The first two departments to move their files to this location are the Marketing and Production departments. You need to configure the file share so that each department has access to view and modify only their own files. In addition, users should not see files and folder that they do not have access to. Your organization would like to allow users to start encrypting files by using EFS. However, there are concerns about recoverability. To enhance the management of the certificates used for EFS, you are going to configure an internal certification authority to issue certificates to users. You will also configure a recovery agent for EFS and verify that the recovery agent can recover files. The Marketing department has a single central copy room that stores the printer for the entire floor. Over the last year, the capacity of your printer has become a concern. In particular, when a user prints a large job, it prevents other users from obtaining their print jobs for 10 or 15 minutes. To resolve this problem, you have purchased two new identical printers to configure as a printer pool for the Marketing department. www.technocorp.co.in

Lab Review
www.technocorp.co.in

In Exercise 1, why did Adam only see the Marketing folder? In Exercise 2, why was the Administrator account able to open the encrypted file? When two ports are enabled for a printer, how do you know where a print job will be directed?